Author Topic: How i Prevent myself from getting Deauth Frames/Packets...???  (Read 7662 times)

FurqanHanif

  • Newbie
  • *
  • Posts: 6
    • View Profile
is their any program which rejects Deauth Packets or Frames so my Network ain't disconnect if someone send me Deauth Packets>..  :'(  ???



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Reply #1 on: January 30, 2014, 06:17:25 PM
I don't know if you/we can prevent that! As I know, it's not possible! Only make a strong password!
I hope that someone can disappoint me!!

una voce libera รจ sempre liberatrice
under_r00t


ostendali

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 587
    • View Profile
Reply #2 on: January 31, 2014, 10:14:33 PM
you can't prevent deauth attack, becaue it is a legitimate tcp request. it is about the management frames in the 802.11 specification. So technically speaking, it is not possible but assuming that you can tell to your router to not deauth the client, in this case you will never be able to disconnect or connect at all to your device.

i hope that clarified the issue enough.

as far as I know, unless you don't invent a new protocol, it is not possible to prevent.

Instead, if you are annoyed from these attacks, you can hide your bissd and use the stronger auth algorithm. Also configure your client (yur computer) to not authenticate in auto once deauthenticated and leave to the user to decide to do that manually.

cya



b4d_bl0ck

  • Sr. Member
  • ****
  • Posts: 285
    • View Profile
Reply #3 on: January 31, 2014, 11:12:54 PM
True all what has been said since now... basically you can hardly mitigate it.

Anyways:
Quote
you can't prevent deauth attack, becaue it is a legitimate tcp request.
They are not TCP requests. These messages are 802.11 management frames and are exchanged at a deeper level, i guess Data Link (MAC) layer. ;)

All that happens because these management frames in 802.11 are not authenticated/encrypted, so everyone can spoof them.
In this way the target MAC address can be specified as the source of the Deauth request, and the AP will happyly deauth that station without any check.

HERE you can read some nice explanations. You can jump to Deauth sections to understand this particular issue.
And scrolling a bit down to Practical Attacks and Defenses, in the deauth section, they propose a mitigation system for this attack, consisting in monitoring the network, buffering the deauth requests in a queue for a given timeout (so not deauthenticating the station as soon as it arrives) and then wait for a timeout. If data frames arrive after the deauth request, the AP discards the deauth request, because this is an inconsisten behaviour, since a station would never send a deauth request and after that continue to send/receive data.
Really interesting...

Enjoy!  ;)
« Last Edit: January 31, 2014, 11:18:01 PM by b4d_bl0ck »

bool secure = check_paranoia() ? true : false;


ostendali

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 587
    • View Profile
Reply #4 on: February 04, 2014, 11:51:57 PM
True all what has been said since now... basically you can hardly mitigate it.

Anyways:
Quote
you can't prevent deauth attack, becaue it is a legitimate tcp request.
They are not TCP requests. These messages are 802.11 management frames and are exchanged at a deeper level, i guess Data Link (MAC) layer. ;)

All that happens because these management frames in 802.11 are not authenticated/encrypted, so everyone can spoof them.
In this way the target MAC address can be specified as the source of the Deauth request, and the AP will happyly deauth that station without any check.

HERE you can read some nice explanations. You can jump to Deauth sections to understand this particular issue.
And scrolling a bit down to Practical Attacks and Defenses, in the deauth section, they propose a mitigation system for this attack, consisting in monitoring the network, buffering the deauth requests in a queue for a given timeout (so not deauthenticating the station as soon as it arrives) and then wait for a timeout. If data frames arrive after the deauth request, the AP discards the deauth request, because this is an inconsisten behaviour, since a station would never send a deauth request and after that continue to send/receive data.
Really interesting...

Enjoy!  ;)
Maybe I misexplained myself, I meant to say that once the dauth happens succesfully the request to reconnect to the router is a legitimate tcp request.
you can understand this also from the next sentence about what I said "it is about the management frames in the 802.11 specification".
I always use to be lazy in explaining well things,,,
However, now it more clear I hope.